Streamlined Operations and Elevated Security: Transforming our Client’s Application to AWS
REGION: United Arab Emirates
COMPANY TYPE: Startup
INDUSTRY: FinTech
CLOUD SOLUTION
THE CUSTOMER
Our customer, a comprehensive financial super-app, empowers its clients with a versatile financial account, streamlining all their monetary transactions. With an AED account that’s free of charge and commitment-free, clients can securely store, spend, and transfer money to over 160 countries in more than 99 currencies, benefiting from the best exchange rates worldwide. Our customer offers multi-currency accounts, card payments, international money transfers, peer-to-peer payments (pay, request, splitting bills), and analytics.
THE CHALLENGE
Our customer’s workload was originally hosted on a public cloud and consisted of several services for deploying the application. Primarily adopting a microservices architecture, the application aimed for optimal performance, fault isolation, and scalability. It was deployed on the public cloud using Docker images stored in and fetched from the Docker registry. An automated software deployment lifecycle (SDLC) was created to manage the release of new application versions. On the database front, the microservices used multiple platforms, such as PostgreSQL, MariaDB, and a Redis cache cluster. Several issues emerged, prompting our customer to consider migrating to AWS for resolution. These issues included the following points:
- Security Enhancements: Because our customer is a financial application, enhancing its security setup was a priority. Meeting security standards was essential to gaining greater trust among its end users.
- Pod Exposure and Load Balancing Challenges: The ineffective pod exposure setup made it difficult to configure both public and private connections and complicated the load balancing setup, so rule modifications required additional effort.
- Manual Configuration Burden: The customer’s application did not use Kubernetes’ auto-creation feature, which increased manual setup tasks.
THE SOLUTION
The customer chose Bespin Global to assess the challenges and requirements. Subsequently, a migration plan was prepared to migrate all resources from the public cloud to AWS, aiming to address the challenges and issues identified by the customer. Moreover, maintaining minimal downtime during migration was critical to preserving an uninterrupted user experience. This was achieved through precise planning of the cutover process, strategically timed to coincide with periods of reduced application traffic, ensuring a seamless transition without disruption to user activities.
The workload migration to AWS includes managing three tiers of resources: network, application, and database. The deployment of resources proceeded as outlined below:
- Network and Accounts Setup: Separate AWS accounts were created for non-production (development and SIT environments) and production (main and DR environments). The decision was driven by the need to streamline resource management and enhance security. Aligning with AWS’s best practices, this setup ensures data locality by locating the primary region in the UAE and the DR region in Bahrain. By following AWS guidelines for hosting resources privately, the network setup in each account enhances data security.
- Application Migration: Bespin Global opted for a microservices architecture and leveraged various AWS compute resources for hosting the migrated application. This strategy was selected to capitalize on the strengths of each service: AWS EKS for managing microservices, AWS ECS for hosting the application’s front end, AWS EC2 for website hosting, and AWS ECR for Docker image storage. The choice of these services addressed several challenges, including scalability, resource management, and containerized deployment complexities. EKS and ECS provide robust orchestration capabilities for managing microservices efficiently, while EC2 offers flexibility and control for hosting the website. Additionally, ECR simplifies the management and distribution of Docker images, streamlining the deployment process. Overall, this strategic selection of AWS services facilitated a smoother migration process while addressing key technical requirements.
Security enhancements were implemented by activating AWS-provided security services to safeguard the application, so that it follows security best practices and meets industry standards for a protected application. The activated security services comprised:
- AWS Config: Bespin strategically implemented AWS Config to enhance security measures for the customer’s workload. By continuously monitoring resource configurations, detecting non-compliance, and automating remediation processes, AWS Config ensures that security best practices and regulatory requirements are followed, enhancing the overall security posture of the customer’s application.
- AWS Security Hub: Bespin empowered the customer’s security strategy by enabling AWS Security Hub as a centralized security management tool. This implementation offers the customer comprehensive insights into security threats, vulnerabilities, and compliance issues across AWS accounts. By enabling proactive threat detection and efficient security response measures, Security Hub enhances the customer’s ability to mitigate security risks effectively.
- AWS Secrets Manager: Bespin integrated AWS Secrets Manager into the customer’s infrastructure to protect sensitive information. This service securely stores, rotates, and manages access to credentials, API keys, and other secrets, ensuring compliance with security policies and mitigating the risk of unauthorized access. By leveraging Secrets Manager, Bespin strengthens the data security framework of the customer’s application.
- AWS Certificate Manager: Bespin facilitated enhanced security measures for the customer by implementing AWS Certificate Manager. This service simplifies the issuance, management, and renewal of SSL/TLS certificates, automating certificate deployment and ensuring encryption integrity for securing websites and applications. By automating certificate management processes, Certificate Manager reinforces data protection measures for the customer’s workload.
In addressing the challenges of pod exposure, particularly its implications on load balancing and manual configuration, proactive measures were taken. “Mitigating the challenges associated with pod exposure and its consequential impacts, such as load balancing and manual configuration, included conducting a careful assessment of Kubernetes networking, pods, and services,” explained Dania Alrefai, Senior DevOps Engineer at Bespin Global. “This structured assessment helped create a detailed plan outlining how to deploy, expose, and balance the workload of resources within the system.”
RESULTS & BENEFITS
In the migration planning, all challenges and requirements were addressed, ensuring a successful migration across all environments to AWS with minimal downtime. The outcomes of this migration can be summarized as follows:
Enhancing Security Measures
Leveraging AWS services, Bespin Global fortified the customer’s network infrastructure to meet stringent security requirements. This involved implementing robust encryption protocols, access controls, and continuous monitoring mechanisms to safeguard against unauthorized access and potential threats. Additionally, Bespin integrated advanced security features such as AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), and AWS Security Hub to bolster security posture and ensure compliance with industry regulations.
Maximizing Cluster Efficiency
To streamline pod exposure management for the customer, Bespin Global carefully updated resources within the EKS cluster. This included optimizing resource allocation to better align with workload demands, fine-tuning networking configurations for improved performance, and ensuring seamless integration with other AWS services such as Amazon VPC and AWS CloudFormation. By adhering to industry best practices, Bespin mitigated previous complexities and enhanced overall cluster stability and efficiency.
Optimizing Load Balancing
Through detailed routing adjustments within the Kubernetes cluster, Bespin Global engineered a highly efficient load balancing setup tailored to the customer’s specific workload characteristics. This involved optimizing load balancer configurations, implementing intelligent routing policies, and leveraging features such as Elastic Load Balancing to distribute traffic evenly across application instances. By fine-tuning load balancing parameters, optimal performance was achieved, latency was reduced, and scalability to accommodate fluctuating demand was improved.
Streamlined Kubernetes Cluster Management
Bespin Global’s approach to Kubernetes cluster management focused on automation to minimize manual intervention and streamline operational processes. Bespin utilized automation tools such as AWS Lambda functions, AWS CloudFormation templates, and Kubernetes Operators to automate routine tasks such as resource provisioning, scaling, and monitoring. By implementing automated workflows and leveraging infrastructure as code principles, we enhanced operational efficiency, reduced human error, and ensured consistent deployment and management of the customer’s infrastructure.
About Bespin Global, an e& enterprise company:
An AWS Premier Tier Services Partner and AWS Managed Service Partner, BESPIN GLOBAL MEA (Middle East and Africa) is a leading provider of automated cloud solutions and consulting services, including cloud adoption, strategy, migration, implementation, Managed Services, DevOps, FinOps and Data & Analytics. Bespin is positioned as a Leader in Gartner’s 2020 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services, as well as a “Visionary” in Gartner’s 2022 Magic Quadrant for IT Transformation Services.
In late 2022, Bespin Global MEA and e& enterprise formed a joint venture with the aim to assist enterprises in their digital transformation journey and eventually become the largest pure-play public cloud-managed and professional services provider in the Middle East, Turkey, Africa, and Pakistan.
Bespin’s cloud FinOps management platform, OpsNow, offers an automated end-to-end solution for customers to effectively manage cloud assets and costs, optimize cloud expenses, and automate the implementation of cloud governance policies across multi-cloud environments.